Helios General Privacy Notice

1. Overview

All Helios entities listed in the Helios Group Overview attached hereto as Annex 1 (collectively, “Helios,” “we,” “us,” “our”) respect your privacy and are committed to protecting the personal data we hold about you. If you have questions, comments, or concerns about this Privacy Notice or our processing of personal data, please see the bottom of this Privacy Notice for information about how to contact us. This Privacy Notice explains our practices as data controller with respect to personal data we collect and process about you and the rights you have in relation to your personal data. This includes information we collect through, or in association with, your employment with us, if applicable, our website with a home page located at www.helios.io, our apps that we may provide, our products and services that we may offer from time to time, our related social media sites, or otherwise through your interactions with us (the website, apps, products, services) (collectively, the “Services”). 

To the extent we are subject to the UK General Data Protection Regulation (“UK GDPR”) and the EU General Data Protection Regulation (“EU GDPR”) (together, the “GDPR”) in relation to our Services, please refer to section “EU and UK Privacy Rights” to review the specific rights you have.

Please review the following to understand how we process and safeguard personal data about you. By using any of our Services, whether by visiting our website or otherwise, and/or by voluntarily providing personal data to us, you acknowledge that you have read and understand the practices contained in this Privacy Notice, including that depending on your location, you are sharing your personal data with an organization that is based in the United States of America. This Privacy Notice may be revised from time to time, so please ensure that you check this Privacy Notice periodically to remain fully informed.

2. Personal Data We Collect

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual (“Personal Data”). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not Personal Data. To the extent this data is stored or associated with Personal Data, it will be treated as Personal Data; otherwise, the data is not subject to this notice.

A. Categories of Personal Data We Collect and How We Obtain Your Personal Data

The Personal Data we collect about you depends on the activities carried out through our website or the Services we provide to you. We may collect and use the following Personal Data about you, as applicable and where legally permitted:

  1. When you request information from us. We may ask you to provide us with your contact information such as name, business email, telephone number, company name, job level, functional role, and address. 

  2. If you are our customer. We might collect your business contact information including your name, business email, telephone number, company name and location. We will process information about the Services we provide to you. If you contact Helios for support related to your organization’s use of our Services, or events, we will also collect information about the reason for your inquiry and any other information you choose to provide to us. 

  3. If we provide payroll or other invoicing and payment services. If you are employed by or provide services as an independent contractor to one of our customers and we are providing payroll or other invoicing and payment Services, your employer might share your name, postal address, date of birth, email address, social security number, position, and financial details including your bank account details and salary information.

  4. If you have an employment agreement with us. We might collect your identification data, contact details, education and professional background such as academic/professional qualifications, licenses and skills, languages spoken, work history, dates of employment, experience, education, degree status, professional licenses, other CV/resumé data, references/referee information, compensation history, where legally permitted, and desired pay. Any other information provided through your CV, cover letter and historical compensation (where legally permitted). 

  5. If you use our website or interact with us on our social media pages or by telephone. We might collect your activities on, and use of, our website, internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement, and details of any information, feedback or other matters you give to us by phone, email, post or via social media.

  6. If you are our partner or vendor. We might collect information about your business to evaluate business, quality, information security and privacy risks and perform know your customers and other similar checks against sanction laws. 

You have choices about certain information we collect. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide any aspect of our Services, you may not be able to use those Services. 

B. Legal Bases for Processing

We process Personal Data for, or based on, one or more of the following legal bases: 

  • Where you give your Consent. 

  • Performance of a Contract. We may process your Personal Data to enter into, or perform under, the agreement between us for our or your Services.

  • Legitimate Interests. We may process Personal Data for our legitimate interests, including improving our Services; providing information about our products and/or services; to the extent necessary and proportionate for the purposes of ensuring network and information security; and to improve our website.

  • Compliance with Legal/Regulatory Obligations and Protection of Individuals. We may process Personal Data to comply with the law and our legal obligations, as well as to protect you and other individuals from certain harms.

A legitimate interest is when we have a business or commercial reason to use your Personal Data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

C. How We Use Your Personal Data

What we use your Personal Data for

Our reasons

Providing Services to you and/or our clients

To perform our contract with our clients or to take steps at our clients’ request before entering into a contract.

Conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us

To comply with our legal and regulatory obligations, or for our legitimate interests, such as to minimize fraud that could be damaging for you and/or us.

Enforcing legal rights or defend or undertake legal proceedings

Depending on the circumstances:

  • to comply with our legal and regulatory obligations; and/or

  • in other cases, for our legitimate interests, such as to protect our business, interests and rights.

Customizing our website and its content to your preferences, based on a record of your selected preferences or on your use of our website

Depending on the circumstances:

  • your consent as gathered, for example, via our cookies (see ‘Cookies’ below) or a declaration of consent;

  • where we are not required to obtain your consent and do not do so, for our legitimate interests, such as to be as efficient as we can so we can deliver the best service to you.

Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website, for analytics purposes to understand how people use our website so that we can make it more intuitive or to check if our website is working as intended

Depending on the circumstances:

  • your consent as gathered, for example, via our cookies (see ‘Cookies’ below) or a declaration of consent;

  • where we are not required to obtain your consent and do not do so, for our legitimate interests, such as to be as efficient as we can so we can deliver the best service to you.

Communications with you not related to marketing, including about changes to our terms or policies or changes to the Services or other important notices

Depending on the circumstances:

  • to comply with our legal and regulatory obligations;

  • in other cases, for our legitimate interests, such as to be as efficient as we can so we can deliver the best service to you.

Protecting the security of systems and data used to provide the Services

  • To comply with contractual, regulatory or other obligations.

  • We may also use your Personal Data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, such as to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.

Statistical analysis to help us understand our customer base

For our legitimate interests, such as to be as efficient as we can so we can deliver the best service to you.

Updating and enhancing customer records

Depending on the circumstances:

  • to perform our contract with you or to take steps at your request before entering into a contract;

  • to comply with our legal and regulatory obligations;

  • where neither of the above apply, for our legitimate interests, for example, making sure that we can keep in touch with our customers about existing orders and new products.

Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g., to record and demonstrate evidence of your consents where relevant

To comply with our legal and regulatory obligations.

Marketing our Services to existing and former customers

For our legitimate interests, such as to promote our business to existing and former customers.

Sharing your Personal Data with members of our group to provide our Services

To perform our contract with our client or to take steps at our client’s request before entering into a contract.

Sharing your Personal Data with third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency

In such cases information will be anonymized where possible and only shared where necessary

Depending on the circumstances:

  • to comply with our legal and regulatory obligations;

  • in other cases, for our legitimate interests, such as to protect, realize or grow the value in our business and assets.

We will not use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.

d. Who We Share Your Personal Data With

Some of the above processing involves sharing collected Personal Data with third parties, including (but not limited to) service providers and other third parties in the following circumstances: 

  • Our Service Providers and Contractors.

  • Our affiliated entities who require access to your Personal Data for business purposes or to provide our Services.

  • Government or regulatory agencies when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity of the Services or our interests, rights, property, or safety, and/or that of our users and others.

  • We reserve the right to disclose and transfer your Personal Data in connection with a corporate merger, consolidation, restructuring, financing, sale of substantially all assets, or other corporate change, including for transaction due diligence. 

  • We may share your Personal Data with our external auditors or our professional advisors.  

We only allow those organizations to handle your Personal Data if we are sure that they take appropriate measures to protect your Personal Data. We also impose confidentiality and other contractual obligations on them to ensure they can only use your Personal Data to provide services to us and to you.

3. Your Rights Regarding Personal Data

You have certain rights regarding the collection and processing of Personal Data. You may exercise these rights, to the extent they apply to you, by contacting us at the information provided at the end of this Privacy Notice, or by following instructions provided in this Privacy Notice or in communications sent to you. Please be prepared to provide reasonable information to identify yourself and authenticate your requests.

These rights vary depending on the particular laws of the jurisdiction applicable to you.

a. Accessing, Modifying, Rectifying, and Correcting Collected Personal Data

We strive to maintain the accuracy of any Personal Data collected from you, and will respond without undue delay to update our records when you tell us the information in our records is not correct. However, we must rely upon you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us, and notify us as soon as possible of any updates or corrections; you can do this by emailing us at privacy@helios.io.

If you wish to access, review, or make changes to certain Personal Data you have provided to us through the Services, you may do so at any time through your account on the Services or by contacting us as provided below.

In accordance with applicable law, you may have the right to access or obtain from us certain Personal Data in our records by contacting us as provided at the end of this Privacy Notice. Please note, however, that we reserve the right to deny access as permitted or required by applicable law.

b. GDPR Rights

The GDPR and other applicable data protection laws provide certain individuals with enhanced rights in respect of their Personal Data. These rights may include, depending on the circumstances surrounding the processing of Personal Data:

  • Access to a copy of your Personal Data - the right to be provided with a copy of your Personal Data;

  • Correction (also known as rectification) – the right to require us to correct any mistakes in your Personal Data;

  • Erasure (also known as the right to be forgotten) - the right to require us to delete your Personal Data, in certain situations;

  • Restriction of use – the right to require us to restrict use of your Personal Data in certain circumstances, for example, if you contest the accuracy of such data; 

  • Data portability – the right to receive the Personal Data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third-party, in certain situations;

  • To object to use - the right to object (i) at any time to your Personal Data being used for direct marketing (including profiling); and/or (ii) in certain other situations to our continued use of your Personal Data, e.g. where we use your Personal Data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims;

  • Not to be subject to decisions without human involvement – the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not make any such decisions based on data collected by our website; and

  • The right to withdraw consents – if you have provided us with a consent to use your Personal Data you have a right to withdraw that consent easily at any time. Please contact us to do so.  Withdrawing a consent will not affect the lawfulness of our use of your Personal Data in reliance on that consent before it was withdrawn.

4. Your Choices

You have the ability to make certain choices about how we communicate with you, and how we process certain Personal Data.

a. Marketing and Opt-Out. We may use your Personal Data to send you updates by email about our Services, including exclusive offers, promotions or new service offers. We can have a legitimate interest in using your Personal Data for marketing purposes (see above How and why we use your Personal Data). This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly. You may opt out of receiving marketing communications from us at any time. 

b. Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this. 

5. Protecting Personal Data

We use reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of Personal Data. Those safeguards include: (i) the pseudonymization and encryption of Personal Data where we deem appropriate; (ii) taking steps to ensure Personal Data is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards. 

However, no method of safeguarding information is completely secure. While we use measures designed to protect Personal Data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure. 

6. Retention of Personal Data

We retain Personal Data for no longer than necessary to provide the Services and to carry out the processing activities described above, including but not limited to compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties.

Your Personal Data will not be kept in a form that allows you to be identified for any longer than necessary to accomplish the purposes for which it was collected or processed, and as permitted or required by applicable laws related to data retention. The retention period for your Personal Data is determined based on the purpose of processing of the particular data.

Thereafter, as a general matter, your Personal Data may be archived and stored to be used and otherwise processed in the event of legal or regulatory requirements, statutes of limitations, disputes, or actions, and will be stored and, if applicable, used and otherwise processed until reasonably after the end of any such requirement, limitation, dispute, or action, including any potential periods of review or appeal.

Following the end of the relevant retention period, we will delete or anonymize your Personal Data, or archive it as permitted by applicable law.

7. Other Important Information About Personal Data and the Services.

a. Collection of Personal Data from Children. Children under 18 years of age are not permitted to use the Services, and we do not knowingly collect information from children under the age of 18. By using the Services, you represent that you are 18 years of age or older.

b. Third-Party Websites and Services. As a convenience, we may reference or provide links to third-party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business with. When you access these third-party services, you leave our Services, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. You access these third-party services at your own risk. This Privacy Notice does not apply to any third-party services; please refer to the privacy notice or policies for such third-party services for information about how they collect, use, and process Personal Data.

c. Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal Data we obtain from or about you via the Services may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.

d. Tracking. We may use analytics systems and providers that process Personal Data about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us.

8. International Use.

Helios is a global business that operates in a number of jurisdictions around the world and complies with legal requirements when we need to transfer your Personal Data or process your Personal Data in a country outside your jurisdiction. We are headquartered and operate from the United States, therefore your Personal Data might be stored and processed in the United States. We may also store your Personal Data in other jurisdictions such as the locations of the entities outlined in Schedule 1. 

By your use of the Services you acknowledge that we will transfer your Personal Data to, and store your Personal Data in, the United States and other jurisdictions, which may have different Data protection rules than in your country, and Personal Data may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities in the United States. 

To the extent GDPR is applicable, we will only transfer your Personal Data in accordance with applicable data protection laws and we only transfer your Personal Data to a country outside the UK/EEA where:

  • in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of Personal Data (known as an ‘adequacy decision’); 

  • in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of Personal Data (known as an ‘adequacy decision’);

  • or there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you. This will most likely be that we have put in place the appropriate standard contractual clauses; 

  • or a specific exception applies under relevant data protection law.

9. Modifications and Updates to this Privacy Notice

This Privacy Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this Privacy Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Notice. Your continued use of the Services following our posting of any revised Privacy Notice will constitute your acknowledgement of the amended Privacy Notice. When we make significant changes, we will take steps to inform you, for example via emailing you a copy of the updated Privacy Notice.

10. Applicability of this Privacy Notice

This Privacy Notice is subject to any agreements that govern your use of the Services and applies regardless of the means used to access or provide information through the Services. 

This Privacy Notice does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith. 

11. Additional Information and Assistance

If you have any questions or concerns about this Privacy Notice and/or how we process Personal Data, please contact us at: 

Data Protection Officer, 
HELIOS GLOBAL PAYMENTS SOLUTIONS INC.,
8 The Green, STE B,
Dover, DE 19901, 
USA

If you are located in the United Kingdom, European Union or European Economic Area, and you wish to raise a concern regarding our use of your Personal Data, you have the right to do so with your lead supervisory authority https://edpb.europa.eu/about-edpb/about-edpb/members_en or your local supervisory authority. 

For more information about how users with disabilities can access this Privacy Notice in an alternative format, please contact us through the above contact methods.

12. US (California and Nevada) and Canada Privacy Law

In case of applicability of privacy laws from the US (California and Nevada) or Canada, please refer to our region-specific privacy notice. 

Last updated: May 2024

ANNEX 1 

HELIOS GROUP OVERVIEW

  1. HELIOS GLOBAL PAYMENTS SOLUTIONS INC.
    1881 Steeles W Ave, 406, North York, Ontario, M3H0A1, CANADA

  2. HELIOS (SHENZHEN) TECHNOLOGY COMPANY LTD.
    203-5, Block CD, Building 7, Xinghua Industrial Building, No.4, Industrial Sixth Road, Huaguoshan Community, Merchants Street, Nanshan District, Shenzhen, CHINA

  3. HELIOS GLOBAL PAYMENTS SOLUTIONS S.A.S.
    Cl 140 No 10 A - 48 Of 215, Bogotá D.C., COLOMBIA

  4. HELIOS GLOBAL SOLUTIONS LIMITED (HONG KONG)
    Suit 1106-8, 11/F Tai Yau BLDG NO 181 Johnston RD Wanchai, HONG KONG

  5. HGPAYSOLUTIONS INDIA PRIVATE LIMITED
    606, Surya Kiran Building, 19, Kasturba Gandhi Marg, Connaught Place, New Delhi, Central Delhi 110001, Delhi, INDIA

  6. HELIOS GLOBAL PAYMENTS SOLUTIONS LIMITED 
    22 Northumberland Road, Ballsbridge, Dublin 4, IRELAND D04 ED73

  7. HELIOS GLOBAL SOLUTIONS (PTY) LTD
    c/o Schindlers Attorneys, PO box 661, Melrose Arch, Johannesburg Gauteng 2076, SOUTH AFRICA

  8. HELIOS GLOBAL SOLUTIONS, S.L.
    Calle Pau Claris 154, 2º piso, 08009 Barcelona, SPAIN

  9. HELIOS GLOBAL SOLUTIONS LIMITED
    3rd floor 207 Regent Street, London, W1B 3HH, UNITED KINGDOM

  10. HELIOS GLOBAL PAYMENTS SOLUTIONS INC. - Headquarters -
    8 The Green, STE B, Dover, DE 19901, USA

Last updated: May 2024